FreeBSD : phpMyAdmin -- Multiple security vulnerabilities (8c8fa44d-ad15-11e2-8cea-6805ca0b3d42)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The phpMyAdmin development team reports :

In some PHP versions, the preg_replace() function can be tricked into
executing arbitrary PHP code on the server. This is done by passing a
crafted argument as the regular expression, containing a null byte.
phpMyAdmin does not correctly sanitize an argument passed to
preg_replace() when using the 'Replace table prefix' feature, opening
the way to this vulnerability.

This vulnerability can be triggered only by someone who logged in to
phpMyAdmin, as the usual token protection prevents non-logged-in users
from accessing the required form.

phpMyAdmin can be configured to save an export file on the web server,
via its SaveDir directive. With this in place, it's possible, either
via a crafted filename template or a crafted table name, to save a
double extension file like foobar.php.sql. In turn, an Apache
webserver on which there is no definition for the MIME type 'sql' (the
default) will treat this saved file as a '.php' script, leading to
remote code execution.

This vulnerability can be triggered only by someone who logged in to
phpMyAdmin, as the usual token protection prevents non-logged-in users
from accessing the required form. Moreover, the SaveDir directive is empty
by default, so a default configuration is not vulnerable. The
$cfg['SaveDir'] directive must be configured, and the server must be
running Apache with mod_mime to be exploitable.
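The double-extension issue above comes down to how a saved export name is built and how mod_mime reads it. The following is an added example (not part of this advisory or of phpMyAdmin's code) of the kind of filename policy and SaveDir audit a defender would apply; the extension lists and function names are assumptions for illustration.

```python
import re

# Extensions that Apache's mod_mime may map to a script handler wherever they
# appear in a dotted name (foobar.php.sql). Assumed, illustrative list.
SCRIPT_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar"}
# Extensions an export is allowed to end with. Assumed, illustrative list.
ALLOWED_FINAL = {"sql", "csv", "json", "xml", "zip", "gz"}


def is_safe_export_name(name: str) -> bool:
    """True only for a bare file name of the form <base>.<ext> where <ext> is
    an allowed export extension: no interior extensions, no NUL bytes, no
    path separators, so mod_mime has nothing else to interpret."""
    if not name or "\x00" in name or "/" in name or "\\" in name:
        return False
    parts = name.split(".")
    if len(parts) != 2:                      # exactly base + one extension
        return False
    base, ext = parts
    if not re.fullmatch(r"[A-Za-z0-9_-]+", base):
        return False
    return ext.lower() in ALLOWED_FINAL and ext.lower() not in SCRIPT_EXTENSIONS


def sanitize_export_name(name: str, default_ext: str = "sql") -> str:
    """Rewrite an arbitrary requested name (from a filename template or a table
    name) into a safe one: strip any directory part, keep only the first dotted
    segment, replace unsafe characters, and append the single allowed extension."""
    stem = name.split("/")[-1].split("\\")[-1]   # drop any path component
    stem = stem.split(".")[0]                     # drop every interior extension
    stem = re.sub(r"[^A-Za-z0-9_-]", "_", stem) or "export"
    return f"{stem}.{default_ext}"


def find_suspicious_exports(names):
    """Audit a listing of a SaveDir: return names whose interior or final
    extension could be handled as a script by mod_mime."""
    flagged = []
    for name in names:
        parts = name.split(".")
        candidates = parts[1:] if len(parts) > 1 else []
        if any(p.lower() in SCRIPT_EXTENSIONS for p in candidates):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    # Constructed sample directory listing, not real data.
    listing = ["users.sql", "foobar.php.sql", "dump.PHTML.csv", "orders.csv"]
    print(find_suspicious_exports(listing))      # → ['foobar.php.sql', 'dump.PHTML.csv']
```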

See also :

http://www.nessus.org/u?645ae48f

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 66210

Bugtraq ID:

CVE ID: CVE-2013-3238, CVE-2013-3239
